Finn Linked To Lizard Squad Christmas Attack

An anonymous reader writes Security researcher Mikko Hyppönen from F-Secure told the newspaper Helsingin Sanomat and Finland's MTV news that rumours have been circulating for several months about the Lizard Squad group of hackers who say they disrupted the two computer games console networks on Christmas Day. He confirmed that at least one of them is a Finn. One of the hackers, in a Skype interview from Finland by Britain's Sky News, said that the attack was carried out for amusement and to expose security flaws in the networks. Hyppönen told Helsingin Sanomat and MTV that his company has been aware of the hacker group for several months. 'According to our information, the group has members in the United States, Canada, England and at least one member in Finland,' he told MTV. The nationalities of other members that participated in the Christmas attack have not been confirmed. Hyppönen noted that these kinds of groups come and go, and that their members are usually young.

Erm

Since when did DDOS utilise a security flaw?

Re:Erm

[cseg]

Denial of Service is a very valid possible form of security flaw.

Re:Erm

Specifically: lack of AWS/GCE utilization and inefficient web application code. Basic example: if you allow users to make 1000 searches of your wiki in 1 sec: you're doing it wrong.

Re:Erm

[Zocalo]

The two are not mutually exclusive, especially if the effect of the security flaw is compounded by multiple connections, for instance being able to use the exploit to turn a child process into a zombie and another child to be spawned until resources are exhausted. There's two security flaws there; the ability for a remote client to zombify the children and not having a cap on the maximum number of children in the config.

Re: Erm

They did a 1.2 tb bandwidth crack that is 3x's larger than last time. They claim to control routers on some major pipelines. Those sir, are security flaws.

Re:Erm

Since they used over a hundred thousand compromised linux machines to carry out the attack. (Gee, that little detail isn't in the summary for some reason. I wonder why?)

Re:Erm

http://en.wikipedia.org/wiki/Information_security#Key_concepts

The "A" of CIA -- InfoSec's holy triad.

If availability can be compromised, it's a security flaw.

Re: Erm

It's not a computer security vulnerability any more than a flash mob in the mall is a physical security vulnerability.

You want to take measures to mitigate them but you are open for business, and they came in the front door.

If it were a vulnerability they'd close the doors.

ORLY!

[camg188]

No mention in TFA about how they determined this guy was in the Lizard Squad except that he claims to be.
"Rumors have been circulating", but no mention about what the rumors are or if they were involved with identifying this hacker.
Hey, but if it's on Finland's MTV then it must be true. But why is my skeptical sense tingling?

Re:ORLY!

Predicting what services would be taken down and when, suggest at least insider knowledge. These groups ar just script kiddies using existing exploits triggering remove DDoS attacks. Why so skeptical, it's trivial to do yourself.

Sony's recent data leaks have been knocking around for ages, they were found to have SQL injection exploits a good three months ago; although they did a good job of having the media pretend nothing was happening. These are the same elementary programming problems Sony had in 2011 when they shut down the PSN for a month and were roasted in congress, and again in 2008. Sony don't give a crap about security. The simple equation is which costs more, the negligible monetary damage from hacks, or the cost to fix their broken code. Business chose the former.

Re:ORLY!

But why is my skeptical sense tingling?

A meeting of lizards and spiders is know to cause tingling senses.

Re:ORLY!

Well, that's enough for me... bomb Finland.

Re:ORLY!

Despite its name, MTV is not the music television that you know, but a respected TV channel and news agency.

Re:ORLY!

Simple. If he says he is a member then just jail his arse without trial and lock him up for 20 years without early release. He won't be a smug ass then

Re:ORLY!

MTV here is not Finland's Music TeleVision but Mainos TV.

Re:ORLY!

[fintux]

The parent is not a joke and should not be modded as funny. The MTV in Finland is short for "mainostelevisio", literally "advertisement television", and is Finland's oldest commercial TV channel. It has absolutely nothing to do with the Music Television, and it actually IS a respected TV channel and news agency.

Re:ORLY!

The moderation made the whole thing extremely meta-funny, though. The joke is on, well, the moderators, although MTV3 has produced and is producing sensationalist news content to hook the viewers. Entertainment is at the core of the business model of the channel.

Might use DNS amplification

[grimJester]

Not an expert, but DDoS attacks can use security flaws and often do.

Profile of the perps:

[BarbaraHudson]

Hyppönen noted that these kinds of groups come and go, and that their members are usually young.

This is to be expected, as the perps have xbox and playstation accounts, have probably gotten a few bans for cheating, or even kicked off the networks, and have a disproportionate sense of self-entitlement.

That should help narrow it down to a few million suspects.

Re:Profile of the perps:

[Rashdot]

They could also be Finnish Thin Lizzy fans.

clarification for 'mericuns

[Noah+Haders]

a Finn is the name for a person from Finland. Finland is a country in Europe, kind of in the north, near Russia.

Re:clarification for 'mericuns

[quenda]

Finland, Finland, Finland
The country where I want to be
Pony trekking or camping
Or just watching TV
Finland, Finland, Finland
It's the country for me

You're so near to Russia
So far from Japan
Quite a long way from Cairo
Lots of miles from Vietnam

Finland, Finland, Finland
The country where I want to be
Eating breakfast or dinner
Or snack lunch in the hall
Finland, Finland, Finland
Finland has it all

You're so sadly neglected
And often ignored
A poor second to Belgium
When going abroad

Finland, Finland, Finland
The country where I quite want to be
Your mountains so lofty
Your treetops so tall
Finland, Finland, Finland
Finland has it all

Re:clarification for 'mericuns

You're overcomplicating things. All you need to say is: Christian, white, therefore not a drone target. That's the only information an American needs about foreigners.

Re:clarification for 'mericuns

Computer programmer from Finland... that must be Linus Torvalds, right?

- An American

Re:clarification for 'mericuns

[TechyImmigrant]

Levi in January is unreasonably cold in my experience.

Re:clarification for 'mericuns

Also:

Q: What is the closest thing to a fish's arsehole?

A: A fin(n)!

Re:clarification for 'mericuns

[RevWaldo]

I just assumed they meant THE Finn.

http://williamgibson.wikia.com...

.

A computer security engineer's non hackable gifts

[mallyn]

I am a computer security engineer where I work.

However, in my own personal life, I am just plain very old fashioned.

I made each family member a gortex rain jacket by hand, using a non-computerized sewing machine.

People say this is old fashioned, considering that I work with computers every day.

Well, now I can say to them that my gifts cannot be hacked or DDOS'd.

"has been aware of the hacker group"...

"has been aware of the hacker group for several months"...

And the security problem for how long?
And done nothing?

And "OMG! I am the Voice Of Reason" is really screwed up because I have nothing to do with this community.

you mean, their twitter accont showing "Finland"..

[GNious]

You man that their official twitter account showing "Finland" as location, was enough of a hint? :)

Re:A computer security engineer's non hackable gif

I bet i can find somthing to spray on your jacket that will make the water go right thru it.
Everything can be hacked. Hack the Planet!

Re:A computer security engineer's non hackable gif

I have a saw that can hack your jacket to bits. Those in the know call them "hack saws". Other, less sophisticated, hackers might choose to hack your jacket with an axe.

As a Finnish person

who gives a dog's turd where these script kiddies originate from?

Re: As a Finnish person

Just get the fuckers locked up, all this ddos crackers are like wasps at a picnic, lots of people having a wonderful time until they rear there ugly head.

People often ask why does a banker get no jail time but a common shoplifter gets time inside. Well its because nobody has any respect for a common criminal so lock them up so kids can enjoy their PlayStation's.

Well, that's vague

[wonkey_monkey]

Finn Linked To Lizard Squad Christmas Attack

Also he was a guy and is likely to have two legs.

Is it bad that my first thought was that it was the guy from Tron?

dem haxxorz

dey be haxxin

I don't have a problem

[p51d007]

With people exposing security flaws, BUT when they do it for self gratification, I do. If there was a problem, they should have notified the network owner, worked with them to correct it. Perhaps they did, & Sony told them to buzz off, so they said... Ok, watch this.

Confirmation

[Martin+S.]

We still seem to be missing any independent confirmation of the Lizard Squad twitter claims. Until we do the most likely explanation is peak demand, they were slash-dotted by Christmas.

English member of Lizard Squad is Vinnie Omari?

There was a "security analyst" named Vinnie Omari also interviewed by Sky News in that report with the skyped-in Finn. Vinnie Omari starts at 4:35 of https://www.youtube.com/watch?v=ngp4kSB5z80

The man interviewed on BBC Radio 5 the day before who claimed to be a member of Lizard Squad had exactly the same voice as this Vinnie Omari: http://www.bbc.co.uk/programmes/p02g06gs

MTV News?

[phizi0n]

I know slashdot has devolved drastically but has it really gotten to the point where it needs to reference MTV News for computer security topics?

Re:MTV News?

Despite its name, MTV is not the music television but a respected Finnish TV channel.

Re:MTV News?

[TeknoHog]

"Respected" as in the only nation-wide commercial channel for a long time, before the digital channel explosion. The M stands for "mainos" or commercial/advert, which was distinctive at a time when most programming came from the publicly funded national broadcasting company.

Re:A computer security engineer's non hackable gif

Does your gortex rain jacket stop meth dealers approaching you when you get on the max?

What in the Helsinki are you waiting for?

You better fly there before time runs out, gumshoe.

Re:A computer security engineer's non hackable gif

Well, now I can say to them that my gifts cannot be hacked or DDOS'd.

Well, you could always employ some smart fabrics with sensor net and a low energy BT interface to your cell phone in your next rain coat project. People everywhere should know when it rains and how warm and polluted it is. Hackable clothing with a sensor net feeding anonymized environmental data to the city systems, the wet dream of any city environmental engineer.

There's this

[hh4m]

http://pastebin.com/gskVW3ae

Here is a dox of all the lizard squad members. Do what you like with this information.

  Lizard Squad "Member" #1:
  'Chief' a/k/a 'ChF' a/k/a 'ChFTheCat' a/k/a 'Devin Bharath'
  Devin Bharath 1765 lawrence ave east apt 310 scarborough ON
  Sara S Bharath
  Home (905) 509-1626
  1013 Lytton Crt
  Pickering, ON L1W 3Z2
  N Bharath
  Home (905) 551-2206
  34 Longview Dr
  Bradford, ON L3Z 2H3
  2901 Kipling Ave
  Toronto, ON M9V 5E5

  Lizard Squad "Member" #2:
  'Criminal' a/k/a 'c' a/k/a 'Fatally'
https://twitter.com/Fatally

  Lizard Squad "Member" #3:
  'Vypor' a/k/a 'VyporSquad' a/k/a 'Taylor Smyth'
  Name: Taylor Hayden Smyth /aka/ vypor
  DOB: 11/17/1998
  Address: 3845 Sunset Ln, Oxnard, CA 93035
https://twitter.com/VyporSquad

  Lizard Squad "Member" #4:
  'KMS' a/k/a 'Rory Godfrey'
  Name: Rory Andrew Godfrey
  Address: 1620 One Wellington, Beaumont, TX 77706 (Lives with family could be in the Rowlett, TX area)
  Skype: u.n.d.e.r.s.c.o.r.e

  Lizard Squad "Owner" #5:
  'TakenTheGod' a/k/a
  Lizard squad was created by Taken The God. He is a former member of WyM friends of VM H is twitter is @TakenTheGod, also runs #NaziSec, #MrSquad, #SwaggSec.

  Instagram: http://instagram.com/swattedd
  Skype: Insta.Host Or swattedd
  Twitter: @swattedd -
  His (InstaHost #): (520) 441-1120

Only did this because I don't have time to deal with them. What they're doing is pretty amateurish
I got wind Rory was trying to DDoS my site on cloudfare and insult me on here
Silly little Billy
don't mess with me or my Fine Squad

Cal Lemming @sleepycal
CyberHQ

I'm sorry but...

'said that the attack was carried out for amusement'

I'm sorry but as soon as I see comments like this you've lost me. Find 'em, string 'em up, by the nuts. Bye, bye ahole.

Police sources

Helsingin Sanomat (the main Finnish newspaper) cited police sources saying that the Finn in question is an "old acquittance" of the police but due to being underage they could not reveal what crimes he has been involved in. Between the lines it was possible to read that he's been involved in similar activities earlier (and gotten caught).

PSN DDOS

attacking a 75Bn$ company’s service and marketing presence is picking a fight in the wrong way. It will eventually make federal agencies develop a working process for dealing wih these kinds of attacks. Further, it wil bring the wrong kind of heat that you can’t stand and attention that you can’t diffuse or deflect.

Re:A computer security engineer's non hackable gif

[mallyn]

No! I have been riding the MAX for 12 years. I have never been approached by any dealers of anything just because of my jacket.